
Published on August 10th, 2012 | by NJ Ouchn


Web Application Exploiter (WAppEx) v1.0 in the wild

WAppEx is an integrated platform for penetration testing and exploitation of web applications on Windows or Linux. It can automatically check a given target for all types of security vulnerabilities and then lets you run various payloads to exploit the vulnerabilities it finds. WAppEx is a multi-platform application that runs on both Linux and Windows. WAppEx’s database, which includes hundreds of exploits, provides automated, comprehensive and reliable exploitation for penetration testers and security professionals worldwide.
Regular database updates are available. Top priorities are high-risk and zero-day vulnerabilities.
The payloads used in exploits are reliable and include connect-back, listener shell, arbitrary code execution, arbitrary file upload,…

WAppEx’s script-based engine lets experienced users write their own scripts and payloads to test and exploit any vulnerability in web applications.
Software and vulnerability updates are available at any time, and daily support is available via phone or email. WAppEx can exploit the following web application vulnerabilities:
  • SQL Injection

The most dangerous vulnerability in web applications. WAppEx uses the engine of Havij – Advanced SQL Injection Tool to find and exploit this vulnerability.

  • Remote File Inclusion

It allows an attacker to include a remote file. WAppEx can check for this vulnerability and run various payloads to execute commands on the web server.

  • Local File Inclusion

It allows an attacker to include a local file. Just as with RFI, WAppEx tests for and exploits this vulnerability.

  • OS Commanding

It lets the attacker execute OS commands on the server. WAppEx tests for and exploits this vulnerability to execute custom commands and get a reverse shell.

  • Script Injection

It can be used by an attacker to introduce (or “inject”) script into a web application. WAppEx automatically tests for and exploits this vulnerability to escalate access to the web server and get a reverse shell.

  • Local File Disclosure

As the name says, it discloses the content of local files on the web server. WAppEx can exploit this vulnerability to read sensitive files on the server.

WAppEx contains the following tools to help you in penetration testing and exploiting web apps.
  • Online Hash Cracker: A tool for cracking hashes using reverse lookup on online sites.
  • Encoder/Decoder: An encoder/decoder with a complete set of encryption algorithms.
  • Find Login Page: It looks for login pages on a target.
  • Browser: A small browser you can use to view source code and HTTP headers.

WAppEx is easy to use and also flexible. Whether you’re a beginner or a professional, using WAppEx makes your work easier, faster and more effective.



About the Author

Principal Founder & Maintainer - Freelancer ICS/SCADA Security Expert. As part of my research, I'm focusing on maintaining many projects such as the DPE (Default Password Enumeration), vFeed® the open source correlated & cross-linked vulnerability database and FireCAT the Firefox Catalog of Auditing exTensions. Today, I'm the co-organizer of the major event Blackhat Arsenal Tools (US and Europe) since 2011 and since 2014 co-organizer of Rooted Warfare in Spain. I go by the handle @toolswatch on Twitter and am always willing to help, share and drink with friends from far and wide.


